process: inspection concept #432
Conversation
|
The created documentation from the pull request is available at: docu-html |
aschemmel-tech
force-pushed
the
aschemmel-tech-patch-3
branch
from
654ee4d to
00753ed
Compare
| It is not the goal to merge this status, but to select the scope of the inspection | ||
| and use the github mechanisms for review comments and fixes of the work product. |
There was a problem hiding this comment.
Why not make a PR with inspected = true?
There was a problem hiding this comment.
Then you will have to change the requirement and the "hash" will be changed again
There was a problem hiding this comment.
As Jochen stated, we considered this but ultimately did not follow the idea any more (one reason is above).
There was a problem hiding this comment.
I now committed a solution with the status valid and valid(inspected) for requirement and architecture inspection, as this I think is the more natural procedure.
| In this review the same checklist as for the inspection should be considered, but need not to be filled out. | ||
|
|
||
| The last step is initiated by the safety manager, security manager or quality manager: | ||
| He asks the main work product author to set the work product's status to "review" and start a Pull-Request (PR). |
There was a problem hiding this comment.
The requirement flow is draft -> valid -> review -> valid?
There was a problem hiding this comment.
No an additional attibute will be set, but I documented this in the requirement process. Actually I wanted to align this with the operational community
There was a problem hiding this comment.
The "review state" will never be merged (this should be prevented by our checks). It is just a means to indicate which requirements shall be inspected (i.e. the scope of the inspection).
There was a problem hiding this comment.
removed this from proposal
| We expect that the work products need to mature during implementation and testing, | ||
| therefore we use a two-step approach for the review and inspection of work products. |
There was a problem hiding this comment.
So in the first stage we set requirements to valid, although we know they are wrong and will be reworked?
There was a problem hiding this comment.
Maybe we need to bring it in context of our branching strategy? Then it will get more clear
There was a problem hiding this comment.
It is unrealistic to expect that requirements are written as part of a feature request and expect those will be stable until release of the SW. We do not "know" those are "wrong" as we created those to the best of our knowledge. If we already do a formal inspection at this point, it will most certainly be a waste of time.
There was a problem hiding this comment.
we had a look at "best practice" solutions and agreed that for requirements and architecture a two step approach makes sense with a distribution of checks into a first microscopic/incremental review and a later macroscopic/overarching/full inspection. For implementation inspection we would not differentiate.
| GitHub will automatically ask for a review by the defined one or more "CODEOWNER" of the work product. | ||
| It is not the goal to merge this status, but to select the scope of the inspection | ||
| and use the github mechanisms for review comments and fixes of the work product. | ||
| The author additionally creates an Inspection Document by using the foreseen template. |
There was a problem hiding this comment.
We've abandoned inspection documents a while ago. Do we really need them in SCORE?
There was a problem hiding this comment.
Our initial idea was to comment it into the PR, but this can be altered afterwards ...
There was a problem hiding this comment.
Let's have a look at that. I would rather invest into some solution than go for anything manual.
There was a problem hiding this comment.
Our safety auditors will not accept an inspection where the result not documented. Any approach which ensures this, I am open to discuss.
There was a problem hiding this comment.
Current proposal is to add the checklist to the pull request (e.g. the comments field) in an automated manner.
| and use the github mechanisms for review comments and fixes of the work product. | ||
| The author additionally creates an Inspection Document by using the foreseen template. | ||
| In this document the inspection result will be documented for each checklist item | ||
| (pass/fail - with link to a ticket for the corrections, or by citing the checklist item in the github comment). |
There was a problem hiding this comment.
I will try to show an example to help.
| The author additionally creates an Inspection Document by using the foreseen template. | ||
| In this document the inspection result will be documented for each checklist item | ||
| (pass/fail - with link to a ticket for the corrections, or by citing the checklist item in the github comment). | ||
| The CODEOWNER(s)=reviewers will fill out the checklist document and add their findings on the work product in the PR. |
There was a problem hiding this comment.
So they have to do the work twice? Sorry, I'm still not sure why normal PR-findings are insufficient.
There was a problem hiding this comment.
There is no intention to do double work, but it should be shown also that checklist items were checked as "passed" (which I usually do not expect to see in a PR review).
There was a problem hiding this comment.
modified text to make clearer
| #. Create requirement | ||
| #. (Informal) Pull-Request Review | ||
| #. Merge valid requirement to main | ||
| #. During development and verification steps the requirement is reworked and again put to PR Review |
There was a problem hiding this comment.
Maybe what you aim at is something like Draft -> Submitted -> Valid?
There was a problem hiding this comment.
Or Draft -> Valid -> Reopened -> Valid?
There was a problem hiding this comment.
I do not like "draft", as this sounds to me like it is still worked on by the author and not already reviewed.
| can be based for example for the requiremnts on their "Implemented by", "Verified by" and "Requirement Covered" attribute. | ||
| For example when requesting a new feature by filling out the :need:`GD_TEMP__Feat_Request_Template` | ||
| you are asked to also specify the feature's requirements | ||
| - it is not expected that the maturity of the requirements is already enough at this time to make a good inspection. |
There was a problem hiding this comment.
This really sounds like those requirements should be "best guess" or "submitted", and not be named "valid"
There was a problem hiding this comment.
I looked into our projects. They use: state = enum<draft, assumed, agreed, obsolete>
The flows are e.g. (first state -> next state):
- draft -> assumed -> agreed (full flow that as rare as possible)
- draft -> agreed (when an old draft is finally agreed by all parties)
- assumed -> agreed (when an assumption had to be made, and now finally all parties agree)
- agreed (when a new requirement is immediately reviewed by all parties)
There was a problem hiding this comment.
This may be ok for requirements where you maybe also have external development, but the process tries to also cover inspections of other work products (architecture, code). But I take the hint and we will talk about the states names in the process community.
| also a review checklist is provided for guidance, but no formal inspection is required. The same is true for Safety Analysis and DFA. | ||
| The independence of testing respectively of test case review is covered by the use of GitHub also for the review of test cases. | ||
| Which means that at least the test case definition or the test case review is performed by | ||
| another person as the author of the verified work product. |
There was a problem hiding this comment.
Do we need to create a process req for it?
There was a problem hiding this comment.
But that is already covered by our current configuration, as the review always has to be done by another person.
There was a problem hiding this comment.
but now also added several process requirements for the concept - also based on #567
aschemmel-tech
force-pushed
the
aschemmel-tech-patch-3
branch
from
00753ed to
c9ff682
Compare
License Check Results🚀 The license check preparation job ran successfully. Status: Click to expand output |
hoe-jo
left a comment
hoe-jo
left a comment
There was a problem hiding this comment.
ok for an initial proposal
Ref: closes #321
see also the problem formulation in #567